What's new this week in the news for MSPs? Google launches new cybersecurity features for Google Cloud and Workspace; Washington, DC Police Department ransomware attack; and Prometei botnet leveraged by hackers in Microsoft Exchange exploits.
Let's see what it's all about.
Google Launches New Cybersecurity Features for Google Cloud and Workspace
This week Google began rolling out a new set of cybersecurity features for Google Cloud and the Workspace suite, which include machine learning models that will prevent data leaks. The rollout follows cybersecurity updates to Google’s Cloud Spanner database.
What’s more, the machine learning models being rolled out are also being included in Cloud DLP, a service that lets businesses find documents that have sensitive information and limit their access.
More upgrades will be rolled out to Google Cloud’s VPC service soon, Google says. This product lets businesses isolate the apps they host and other internal workloads to keep them off the public web.
The security upgrades for Google’s productivity suite, Workspace, are aimed at the Vault tool. Using Vault, administrators can manage business files that employees store in Workspace services such as Drive. Vault now comes with tooltips that give administrators pointers on how to set up retention policies and holds.
Washington, DC Police Department Ransomware Attack
A group known as Babuk has leaked data from the Washington, DC Police Department, according to a New York Times article this week. The data includes reports from the department’s chief, details on persons of interest, and lists of arrests.
A spokesperson for the department said that it is aware of the unauthorized access to its server mentioned in the New York Times article. The department is reviewing the unauthorized activity and has asked the FBI to look into the incident.
The Babuk hackers said in a post on the dark web that they downloaded 250 gigabytes of data from the police department. The hackers have said they will release the data if the ransom demand is not met within three days.
They also say they will release information about department informants to criminal gangs and will continue to attack members of the state sector, such as the FBI and CISA (Cybersecurity and Infrastructure Security Agency), among others.
Prometei Botnet Leveraged by Hackers in Microsoft Exchange Exploits
Vulnerabilities in Microsoft Exchange servers have been targeted by several hackers. Both of these have been linked to Hafnium, a state-sponsored threat actor first reported in March 2021.
Now, cybercriminals are using the Prometei botnet to exploit these vulnerabilities, according to Cybereason.
Prometei attackers are using Exchange vulnerabilities, which permit them to infiltrate networks. Once in, they begin malware deployment, credential theft, and other nefarious activities. The businesses they are targeting span a variety of industries. These include insurance, finance, retail, manufacturing, travel, utilities, and construction.
Prometei first attempts to install the Monero miner component across Exchange users’ endpoints. It uses exploits such as BlueKeep and EternalBlue to do this. Then it collects credentials and uses varied techniques that let it extend its reach across a network.
Prometei is also designed to interact with four C2 (command and control) servers. This capability makes its infrastructure stronger and less vulnerable to takedowns.
The best way to protect your organization is to apply the Exchange patches that Microsoft released after the Hafnium attacks were discovered. Organizations can also protect themselves against Prometei and other botnet attacks by monitoring network activity, tracking failed login attempts, and keeping all software and systems up to date.
Educating employees about botnets and other cyber-threats helps them do their part to fight these hazards.
That's a Wrap for News You Might've Missed
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back next month for more highlights.